# Author: JP Donnio
# Contact: tag-nss-update-crl@tbs-internet.com
# http://www.tbs-certificats.com/
#
# Doc at: http://www.tbs-certificats.com/ssl/nss_tools_crl_ca_control.html
#
# Version: 1.1
# Date: 20090428
#
# File used by nss_update_crl & pitux_update_crl
#
# This file containing a list of CRL URLs is provided AS IS and does not 
# contains all the CRLs your need! Our list is cut-down because we have 
# also cut-down the approved CA list.
# Please review the list of CAs you have approved and make sure you have 
# all the CRLs. If you have left all the default firefox (NSS) builtin 
# roots (either ignorant or crazy), the provided file is FAR from complete!
#
# this CRL list should contain at least all the CRLs of the approved roots 
# (see nss_restrict_ca & nss_restrict_ca.list)
#
# Format: one URL per line
#
# Each CRL is owned by its respective owners, rights of use might apply
#
# LIST STARTS HERE
#
http://crl.verisign.com/RSASecureServer.crl
http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl
#
#missing#Thawte Personal Basic CA
#missing#Thawte Personal Premium CA
http://crl.thawte.com/ThawtePersonalFreemailCA.crl
http://crl.thawte.com/ThawteServerCA.crl
http://crl.thawte.com/ThawteServerPremiumCA.crl
http://crl.geotrust.com/crls/secureca.crl
http://crl.verisign.com/pca1.crl
http://crl.verisign.com/pca2.crl
http://crl.verisign.com/pca3.crl
http://crl.verisign.com/pca1-g2.crl
http://crl.verisign.com/pca2-g2.crl
http://crl.verisign.com/pca3-g2.crl
#missing#Verisign Class 4 Public Primary Certification Authority - G2
http://crl.globalsign.net/Root.crl
#unknown#GlobalSign Root CA - R2
http://crl.verisign.com/pca1-g3.crl
http://crl.verisign.com/pca2-g3.crl
http://crl.verisign.com/pca3-g3.crl
#
http://crl.verisign.com/SVRIntl.crl
http://crl.verisign.com/SVRSecure2005.crl
http://crl.verisign.com/Class3OFX.crl
http://crl.verisign.com/pca3-g5.crl
http://crl.verisign.com/EVIntl2006.crl
http://crl.verisign.com/EVSecure2006.crl
http://crl.verisign.com/SVRSecureG2.crl
http://crl.verisign.com/SVR1024SecureG2.crl
http://crl.verisign.com/CSC3-2004.crl
http://crl.verisign.com/CSC3-2009-2.crl
http://crl.verisign.com/OFX-G3.crl
#
http://crl.entrust.net/net1.crl
http://crl.geotrust.com/crls/ebizca1.crl
http://crl.geotrust.com/crls/globalca1.crl
http://crl.comodoca.com/AddTrustClass1CARoot.crl
http://crl.comodoca.com/AddTrustExternalCARoot.crl
http://crl.comodoca.com/AddTrustQualifiedCARoot.crl
http://crl.verisign.com/tsaca.crl
http://crl.thawte.com/ThawteTimestampingCA.crl
#missing#Entrust Root Certification Authority
http://crl.comodoca.com/AAACertificateServices_2.crl
#missing#Comodo Secure Services root            	C,C,C
#missing#Comodo Trusted Services root           	C,C,C
http://crl.comodoca.com/UTN-DATACorpSGC.crl
http://crl.comodoca.com/UTN-USERFirst-ClientAuthenticationandEmail.crl
http://crl.comodoca.com/UTN-USERFirst-Hardware.crl
http://crl.comodoca.com/UTN-USERFirst-Object.crl
http://crl3.digicert.com/DigiCertGlobalCA.crl
http://www.certplus.com/CRL/class2.crl
http://crl.verisign.com/GeoTrustPCA.crl
http://crl.thawte.com/ThawtePCA.crl
http://crl.comodoca.com/COMODOCertificationAuthority.crl
#missing#MINEFI FR
#missing#Verisign Secure Server OCSP Responder
#missing#Verisign Class 1 Public Primary OCSP Responder
#missing#Verisign Class 2 Public Primary OCSP Responder
#missing#Verisign Class 3 Public Primary OCSP Responder
#missing#Verisign Class 4 Public Primary OCSP Responder
#
# intermediates
#
http://crl.thawte.com/ThawtePersonalFreemailRSA2000830.crl
http://crl.thawte.com/ThawtePersonalFreemailIssuingCA.crl
http://www.chambersign.fr/telechargement/lcr/Fiducio.crl
http://www.chambersign.fr/telechargement/lcr/Initio.crl
#
#missing#GlobalSign Class 2 CA - GlobalSign nv-sa	c,C,c
#
# other implicitely-trusted intermediates
#
http://crl.tbs-x509.com/TBSX509CAbusiness.crl
http://crl.tbs-x509.com/TBSX509CAinstitutionnel.crl
http://crl.tbs-x509.com/TBSX509CApersona.crl
http://crl.tbs-x509.com/TBSX509CAprohosting.crl
http://crl.tbs-x509.com/TBSX509CASGC.crl
http://crl.tbs-x509.com/TBSX509CAsignaturecomposants.crl
http://crl.ovh.net/OVHHighAssuranceSecureCA.crl
http://crl.ovh.net/OVHLowAssuranceSecureCA.crl
http://crl.comodoca.com/Class3SecurityServices_3.crl
http://crl.comodoca.com/EssentialSSLCA.crl
http://crl.comodoca.com/PositiveSSLCA.crl
#expired#http://crl.comodo.net/Class3SecurityServices_2.crl
http://crl.thawte.com/ThawteCodeSigningCA.crl
http://crl.thawte.com/ThawteSGCCA.crl
http://crl.thawte.com/ThawteSSLDomainCA.crl
http://crl.verisign.com/Class3NewOFX.crl
http://crl.verisign.com/Class3InternationalServer.crl
http://crl.verisign.com/Class3CodeSigning2001.crl
http://crl.verisign.com/Class3WLANServer.crl
http://onsitecrl.verisign.com/OnSitePublic/LatestCRL.crl
http://crl.verisign.com/VSClass2Int.crl
http://onsitecrl.verisign.com/VeriSignIncExchangeEmployees/LatestCRL.crl
http://crl.verisign.com/class1.crl
http://trustcenter-crl.certificat2.com/keynectis/class2keynectisca.crl
http://www.certificat.com/crl/ACCERTINOMISSSL.crl
# CSF root, missing in the CA list!
http://crl.chambersign.tm.fr/autorite_consulaire.crl
#
# EV stuff
http://crl.comodoca.com/ComodoEVSGCCA.crl
http://crl.comodoca.com/ComodoEVSSLCA.crl
http://crl.thawte.com/ThawteEVCA2006.crl
http://crl.geotrust.com/crls/gtextvalca.crl
#
# CRLs of some untrusted CAs
http://crl.globalsign.net/DomainVal1.crl
http://crl.globalsign.net/educational.crl
http://crl.globalsign.net/OrganizationVal1.crl
http://crl.globalsign.net/PrimServer.crl
http://crl.globalsign.net/ServerSign.crl
http://crl.globalsign.net/sureserver.crl
http://crl.globalsign.net/ExtendVal1.crl
http://crl.csctrustedsecure.com/TrustedSecureCA.crl
http://crl.digicert.com/DigiCertSecurityServicesCA_2.crl
http://crl3.digicert.com/ca3-2009b.crl
http://crl.netsolssl.com/NetworkSolutions_CA.crl
http://crl.netsolssl.com/NetworkSolutionsEVSSLCA.crl
http://certificates.godaddy.com/repository/godaddyextendedissuing4.crl
http://crl.alphassl.com/Alpha.crl
http://crl.gandi.net/GandiStandardSSLCA.crl
http://crl.gandi.net/GandiProSSLCA.crl
http://crl.gandi.net/GandiSGCSSLCA.crl